entando-spring-boot-parent/owasp-dependency-check-suppression.xml at develop · entando/entando-spring-boot-parent · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~
  ~ Copyright 2015-Present Entando Inc. (http://www.entando.com) All rights reserved.
  ~
  ~ This library is free software; you can redistribute it and/or modify it under
  ~ the terms of the GNU Lesser General Public License as published by the Free
  ~ Software Foundation; either version 2.1 of the License, or (at your option)
  ~ any later version.
  ~
  ~  This library is distributed in the hope that it will be useful, but WITHOUT
  ~ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  ~ FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
  ~ details.
  ~
  -->

<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
        A whole lot of false positives based on K8S's internals that have nothing to do with our CRDs
      ]]></notes>
        <cpe>cpe:/a:kubernetes:kubernetes</cpe>
        <cve>CVE-2020-8555</cve>
        <cve>CVE-2019-11254</cve>
        <cve>CVE-2019-1002100</cve>
        <cve>CVE-2020-8552</cve>
        <cve>CVE-2020-8563</cve>
        <cve>CVE-2019-11248</cve>
        <cve>CVE-2019-9946</cve>
        <cve>CVE-2019-11250</cve>
        <cve>CVE-2020-8557</cve>
        <cve>CVE-2020-8570</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        A false positives relative to K8S's client that has nothing to do with the imported one by Fabric8
      ]]></notes>
        <cpe>cpe:/a:kubernetes:java</cpe>
        <cve>CVE-2021-25738</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: nimbus-jose-jwt-7.8.1.jar
   ]]></notes>
        <gav>com.nimbusds:nimbus-jose-jwt:7.8.1</gav>
        <cve>CVE-2019-17195</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[-->
            spring-security-jwt*@1.1.1.RELEASE
        ]]></notes>
        <packageUrl regex="true">
            ^pkg:maven/org\.springframework\.security/spring\-security\-jwt@.*$
        </packageUrl>
        <cve>CVE-2021-22112</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[-->
            nothing new available
        ]]></notes>
        <packageUrl regex="true">
            ^pkg:maven/com\.nimbusds/lang-tag@.*$
        </packageUrl>
        <cve>CVE-2020-29242</cve>
        <cve>CVE-2020-29243</cve>
        <cve>CVE-2020-29244</cve>
        <cve>CVE-2020-29245</cve>
        <cve>CVE-2020-23171</cve>
    </suppress>
    <suppress>
        <cve>CVE-2020-8554</cve>
        <cve>CVE-2021-23463</cve>
        <cve>CVE-2021-44832</cve>
        <cve>CVE-2021-44228</cve>
        <cve>CVE-2021-45105</cve>
        <cve>CVE-2021-45046</cve>
        <cve>CVE-2021-42550</cve>
        <cve>CVE-2020-8554</cve>
        <cve>CVE-2020-8570</cve>
        <cve>CVE-2021-25738</cve>
        <cve>CVE-2021-22112</cve>
    </suppress>
</suppressions>